/**
* Method to validate form data.
*
* Validation warnings will be pushed into JForm::errors and should be
* retrieved with JForm::getErrors() when validate returns boolean false.
*
* @param array $data An array of field values to validate.
* @param string $group The optional dot-separated form group path on which to filter the
* fields to be validated.
*
* @return boolean True on success.
*
* @since 1.7.0
*/
public function validate($data, $group = null)
{
// Make sure there is a valid Form XML document.
if (!$this->xml instanceof \SimpleXMLElement) {
throw new \UnexpectedValueException(sprintf('%s::%s `xml` is not an instance of SimpleXMLElement', \get_class($this), __METHOD__));
}
$return = true;
// Create an input registry object from the data to validate.
$input = new Registry($data);
// Get the fields for which to validate the data.
$fields = $this->findFieldsByGroup($group);
if (!$fields) {
// PANIC!
return false;
}
// Validate the fields.
foreach ($fields as $field) {
$name = (string) $field['name'];
// Define field name for messages
if ($field['label']) {
$fieldLabel = $field['label'];
// Try to translate label if not set to false
$translate = (string) $field['translateLabel'];
if (!($translate === 'false' || $translate === 'off' || $translate === '0')) {
$fieldLabel = Text::_($fieldLabel);
}
} else {
$fieldLabel = Text::_($name);
}
$disabled = (string) $field['disabled'] === 'true' || (string) $field['disabled'] === 'disabled';
$fieldExistsInRequestData = $input->exists($name) || $input->exists($group . '.' . $name);
// If the field is disabled but it is passed in the request this is invalid as disabled fields are not added to the request
if ($disabled && $fieldExistsInRequestData) {
throw new \RuntimeException(Text::sprintf('JLIB_FORM_VALIDATE_FIELD_INVALID', $fieldLabel));
}
// Get the field groups for the element.
$attrs = $field->xpath('ancestor::fields[@name]/@name');
$groups = array_map('strval', $attrs ?: []);
$attrGroup = implode('.', $groups);
$key = $attrGroup ? $attrGroup . '.' . $name : $name;
$fieldObj = $this->loadField($field, $attrGroup);
if ($fieldObj) {
$valid = $fieldObj->validate($input->get($key), $attrGroup, $input);
// Check for an error.
if ($valid instanceof \Exception) {
$this->errors[] = $valid;
$return = false;
}
} elseif (!$fieldObj && $input->exists($key)) {
// The field returned false from setup and shouldn't be included in the page body - yet we received
// a value for it. This is probably some sort of injection attack and should be rejected
$this->errors[] = new \RuntimeException(Text::sprintf('JLIB_FORM_VALIDATE_FIELD_INVALID', $key));
}
}
return $return;
}